Total
1264 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41100 | 1 Microsoft | 7 Windows 10, Windows 11, Windows 8.1 and 4 more | 2023-03-10 | N/A | 7.8 HIGH |
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | |||||
CVE-2022-46713 | 1 Apple | 1 Macos | 2023-03-08 | N/A | 4.7 MEDIUM |
A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system. | |||||
CVE-2023-23039 | 1 Linux | 1 Linux Kernel | 2023-03-06 | N/A | 5.7 MEDIUM |
An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove(). | |||||
CVE-2022-32764 | 1 Intel | 1 Driver \& Support Assistant | 2023-03-06 | N/A | 7.0 HIGH |
Description: Race condition in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2018-5198 | 1 Wizvera | 1 Veraport G3 | 2023-03-03 | 6.8 MEDIUM | 8.1 HIGH |
In Veraport G3 ALL on MacOS, a race condition when calling the Veraport API allow remote attacker to cause arbitrary file download and execution. This results in remote code execution. | |||||
CVE-2019-7614 | 1 Elastic | 1 Elasticsearch | 2023-03-03 | 4.3 MEDIUM | 5.9 MEDIUM |
A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user. | |||||
CVE-2020-3350 | 4 Canonical, Cisco, Debian and 1 more | 5 Ubuntu Linux, Advanced Malware Protection For Endpoints, Clam Antivirus and 2 more | 2023-03-03 | 3.3 LOW | 6.3 MEDIUM |
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working. | |||||
CVE-2022-3623 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-03-02 | N/A | 7.5 HIGH |
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211921 was assigned to this vulnerability. | |||||
CVE-2022-20078 | 2 Google, Mediatek | 13 Android, Mt6833, Mt6853 and 10 more | 2023-03-02 | 6.9 MEDIUM | 6.4 MEDIUM |
In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05852819; Issue ID: ALPS05852819. | |||||
CVE-2023-0739 | 1 Answer | 1 Answer | 2023-03-01 | N/A | 6.8 MEDIUM |
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in GitHub repository answerdev/answer prior to 1.0.4. | |||||
CVE-2017-2636 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-24 | 6.9 MEDIUM | 7.0 HIGH |
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. | |||||
CVE-2018-15473 | 7 Canonical, Debian, Netapp and 4 more | 24 Ubuntu Linux, Debian Linux, Aff Baseboard Management Controller and 21 more | 2023-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | |||||
CVE-2022-41850 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-23 | N/A | 4.7 MEDIUM |
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. | |||||
CVE-2022-41849 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-23 | N/A | 4.2 MEDIUM |
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. | |||||
CVE-2022-3521 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-23 | N/A | 2.5 LOW |
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability. | |||||
CVE-2022-47331 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-02-21 | N/A | 4.7 MEDIUM |
In wlan driver, there is a race condition. This could lead to local denial of service in wlan services. | |||||
CVE-2022-24951 | 1 Eternal Terminal Project | 1 Eternal Terminal | 2023-02-16 | N/A | 7.0 HIGH |
A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to connect in the future. | |||||
CVE-2022-24950 | 1 Eternal Terminal Project | 1 Eternal Terminal | 2023-02-16 | N/A | 7.5 HIGH |
A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId(). | |||||
CVE-2022-39328 | 1 Grafana | 1 Grafana | 2023-02-15 | N/A | 8.1 HIGH |
Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patched in 9.2.4. There are no known workarounds. | |||||
CVE-2022-3028 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2023-02-14 | N/A | 7.0 HIGH |
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. |